install_postfix_advanced.sh: add 'Rate limit' configurations.

2022-02-06 13:56:46 +01:00 · 2022-02-06 13:56:46 +01:00 · 6a847b1db1
commit 6a847b1db1
parent dfae78d262
1 changed files with 150 additions and 0 deletions
--- a/install_postfix_advanced.sh
+++ b/install_postfix_advanced.sh
@ -1644,6 +1644,156 @@ virtual_alias_maps =
 virtual_alias_domains =


+#======= Rate Limiting ============
+
+# anvil_rate_time_unit (default: 60s)
+#
+# The time unit over which client connection rates and other rates are
+# calculated.
+#
+# The default interval is relatively short. Because of the high frequency of
+# updates, the anvil(8) server uses volatile memory only. Thus, information is
+# lost whenever the process terminates.
+#
+# Specify a non-zero time value (an integral value plus an optional one-letter
+# suffix that specifies the time unit). Time units: s (seconds), m (minutes),
+# h (hours), d (days), w (weeks). The default time unit is s (seconds).
+#
+# !! Note:
+# I basically only included it for conciseness.
+#
+#anvil_rate_time_unit = 60s
+
+
+# smtpd_soft_error_limit (default: 10)
+#
+# The number of errors a remote SMTP client is allowed to make without
+# delivering mail before the Postfix SMTP server slows down all
+# its responses.
+#
+#smtpd_soft_error_limit = 10
+
+
+# -----
+# Stay off of blacklists: Limit postfix recipients
+# ================================================
+#
+# see also:
+#    https://grovetech.co/blog/stay-off-of-blacklists-limit-postfix-recipients/
+# ----
+
+# smtpd_recipient_limit (default: 1000)
+#
+# The maximal number of recipients that the Postfix SMTP server accepts per
+# message delivery request.
+#
+# Note:
+#    You can't restrict this to a to/cc/bcc field – it's for all recipients.
+#
+smtpd_recipient_limit = 50
+
+
+# smtpd_recipient_overshoot_limit (default: 1000)
+#
+# The number of recipients that a remote SMTP client can send in excess of
+# the limit specified with \$smtpd_recipient_limit, before the Postfix SMTP
+# server increments the per-session error count for each excess recipient.
+#
+smtpd_recipient_overshoot_limit = 51
+
+# smtpd_hard_error_limit (default: normal: 20, overload: 1)
+#
+# The maximal number of errors a remote SMTP client is allowed to make
+# without delivering mail. The Postfix SMTP server disconnects when the
+# limit is reached. Normally the default limit is 20, but it changes under
+# overload to just 1. Valid values are greater than zero.
+#
+#smtpd_hard_error_limit = 20
+
+# ---
+# So you technically need to consider the 3 values here which affect both
+# inbound & outbound mail. Then there’s the throttling tools.
+# ---
+
+
+# smtpd_client_recipient_rate_limit (default: 0)
+#
+# The maximal number of recipient addresses that any client is allowed to
+# send to this service per time unit, regardless of whether or not Postfix
+# actually accepts those recipients. The time unit is specified with the
+# anvil_rate_time_unit configuration parameter.
+#
+# By default, a client can send as many recipient addresses per time unit
+# as Postfix can accept.
+#
+# To disable this feature, specify a limit of 0.
+#
+# WARNING:
+#    The purpose of this feature is to limit abuse. It must not be used to
+#    regulate legitimate mail traffic.
+#
+smtpd_client_recipient_rate_limit = 50
+
+# smtpd_client_connection_rate_limit (default: 0)
+#
+# The maximal number of connection attempts any client is allowed to make
+# to this service per time unit. The time unit is specified with the
+# anvil_rate_time_unit configuration parameter.
+#
+# By default, a client can make as many connections per time unit as Postfix
+# can accept.
+#
+# To disable this feature, specify a limit of 0.
+#
+# WARNING:
+#    The purpose of this feature is to limit abuse. It must not be used to
+#    regulate legitimate mail traffic.
+#
+smtpd_client_connection_rate_limit = 10
+
+# smtpd_client_message_rate_limit (default: 0)
+#
+# The maximal number of message delivery requests that any client is allowed
+# to make to this service per time unit, regardless of whether or not Postfix
+# actually accepts those messages. The time unit is specified with the
+# anvil_rate_time_unit configuration parameter.
+#
+# By default, a client can send as many message delivery requests per time unit
+# as Postfix can accept.
+#
+# To disable this feature, specify a limit of 0.
+#
+# WARNING: The purpose of this feature is to limit abuse. It must not be used
+# to regulate legitimate mail traffic.
+#
+#smtpd_client_message_rate_limit = 10
+
+
+default_extra_recipient_limit = 50
+duplicate_filter_limit = 50
+
+# default_destination_recipient_limit (default: 50)
+#
+# The default maximal number of recipients per message delivery. This is the
+# default limit for delivery via the lmtp(8), pipe(8), smtp(8) and virtual(8)
+# delivery agents.
+#
+#default_destination_recipient_limit = 50
+
+# smtp_destination_recipient_limit (default: \$default_destination_recipient_limit)
+#
+# The maximal number of recipients per message for the smtp message delivery
+# transport. This limit is enforced by the queue manager. The message delivery
+# transport name is the first field in the entry in the master.cf file.
+#
+# Note:
+#    Setting this parameter to a value of 1 changes the meaning of
+#    smtp_destination_concurrency_limit from concurrency per domain into concurrency
+#    per recipient.
+#
+#smtp_destination_recipient_limit = \$default_destination_recipient_limit
+
+
 #======= smtpd Restrictions  ============

 # - Order of evaluating smtpd restriction lists: